PT-2026-27785 · Kiteworks · Secure Data Forms
Published
2026-03-25
·
Updated
2026-03-25
·
CVE-2026-24750
CVSS v3.1
7.6
High
| AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L |
Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Secure Data Forms